X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=ssh_config;h=b9935085a2abc386f2e2f9cf60a17facb1569d3a;hb=b2a118a0ad79bcee7bd83925ac9df338d6087f2f;hp=2d272842ada17db8c158c4eaa86c115b9b2e6c85;hpb=8fab449d59c0cc250464c03d085625141b4b12a6;p=config%2Fdotfiles.git

diff --git a/ssh_config b/ssh_config
index 2d27284..b993508 100644
--- a/ssh_config
+++ b/ssh_config
@@ -26,6 +26,18 @@
 #     ServerAliveInterval 5
 
 
+# Options are parsed top-to-bottom, the first matching option is used. Later
+# assignments to the same option are ignored, thanks to anonJD in #openssh on
+# Freenode (2011-05-18 21:40 CEST) for letting me know. Therefore put all
+# affected host specific rules here, before the global rules.
+#
+# For example to change the MACs option for a specific host, use:
+#
+# Host host
+#     # Old SSH daemon which needs SHA1 (SHA-512 in case it gets updated).
+#     MACs hmac-sha2-512,hmac-sha1
+
+
 # Rules for all hosts.
 Host *
 
@@ -104,10 +116,10 @@ Host *
 # prevents stale master connections.
     ControlPersist 10
 
-# Hash hosts in ~/.ssh/known_hosts to try to conceal the known hosts. Doesn't
-# help if the ssh hosts are stored in the shell's history file or in this file
-# as shortcut.
-    HashKnownHosts yes
+# Don't hash any hosts in ~/.ssh/known_hosts. It doesn't help if the ssh hosts
+# are stored in the shell's history file or in this file as shortcut so it's
+# rather useless (default).
+    HashKnownHosts no
 
 # Don't permit running local commands (default).
     PermitLocalCommand no
@@ -120,3 +132,5 @@ Host *
     CheckHostIP yes
 # Ask before adding any host keys to ~/.ssh/known_hosts (default).
     StrictHostKeyChecking ask
+# Don't trust host keys from DNS' SSHFP resource records (default).
+    VerifyHostKeyDNS no